Configure/provision S3-buckets on ONTAP about netapp.ontap HOT 21 CLOSED

@Furragen what is the command you use to do this manually today?

from netapp.ontap.

The process of configuring S3 via the cli can be a little bit complex, depending on your use case.
It is documented here: https://docs.netapp.com/us-en/ontap/pdfs/sidebar/S3_configuration_with_the_CLI.pdf

If you want, I can outline how I would do it at the moment, but that may not apply to others possibly using the modules.

from netapp.ontap.

@Furragen i think that is covered in the Object_store module (https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_object_store_module.html#ansible-collections-netapp-ontap-na-ontap-object-store-module)

This module maps to the cloud/target rest API.

https://library.netapp.com/ecmdocs/ECMLP2879871/html/#/cloud/cloud_target_create

Let me double check with the rest of the team though

from netapp.ontap.

Ok i talked with the team look like Object_store should cover things up until page 19.
We'll need 2 new modules to cover

• /protocols/s3/buckets -- https://library.netapp.com/ecmdocs/ECMLP2879871/html/#/object-store/s3_bucket_create
• /protocols/s3/services --https://library.netapp.com/ecmdocs/ECMLP2879871/html/#/object-store/s3_service_create

I'll go ahead and create internal stories for these.

from netapp.ontap.

I have Stories

• DEVOPS-4805
• DEVOPS-4806

open for these 2 new modules.

from netapp.ontap.

Hi @carchi8py ,
thanks for the feedback.
I was under the impression that the Object_store-module is used to configure external objectstores for storage tiering.
So thanks for the clarification.

Looking forward to the new modules.

from netapp.ontap.

@Furragen could you let me know if the new s3_bucket module address what was currently missing?
https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_s3_buckets_module.html#ansible-collections-netapp-ontap-na-ontap-s3-buckets-module

from netapp.ontap.

Hi @carchi8py ,
thanks for working on this and creating the new module so fast!
I will try to check it out asap.

from netapp.ontap.

So, I started to write a playbook to test this out today, but I still am stuck with the Object_store-Module.
The docs say, I have to create a object-store-server (page 20 at the bottom and following).
I was under the impression that I would do that with the Object_store-Module. But this module does not seem to have a parameter to set the vserver to create the object-store-server in.
Did I miss something here or do I read the docs of the module wrong?

Just to test the new bucket-module I did the creation of a object-store-server via the cli and then used Ansible to create a bucket, which worked fine.
But would I not also need a module to create S3-users?
Also, on the cli I can specify the size of the bucket in GB/TB/PB. Would it be possible to get this in the module as well?

Thank you for your work, this looks very promising!

from netapp.ontap.

Let me look in to this. Our modules use the REST API which is rather different than the CLI

Look like our module which is using /protocols/s3/buckets/ cover page 22 onwards https://library.netapp.com/ecmdocs/ECMLP2882307/html/index.html#/object-store/s3_bucket_create

and I think page 20 is /protocols/s3/services (https://library.netapp.com/ecmdocs/ECMLP2882307/html/index.html#/object-store/s3_service_create).

It looks like /protocols/s3/buckets will auto create a /protocols/s3/services in an enabled state when called. But let me double check

With that said we will need modules for creating groups and users.

from netapp.ontap.

I just tested your theory regarding the auto creation of a object-store-server on creation of a bucket.
It does not seem to work that way.
The bucket is created, but the vserver does not add s3 to its protocols and no object-store-server is created.

from netapp.ontap.

Thank i came to the same conclusion after talking to a few ONTAP people

• Story 5110 for Service
• Story 5111 For S3/Users
• Story 5112 for S3/Groups
• Story 5113 for an S3 role (to group everything together)

from netapp.ontap.

@Furragen story 5110 and 5111 made it in this month's release.

So you should be able to use bucket to create the buckets-- https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_s3_buckets_module.html#ansible-collections-netapp-ontap-na-ontap-s3-buckets-module

• Users to create the users -- https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_s3_users_module.html#ansible-collections-netapp-ontap-na-ontap-s3-users-module
• service to create the service (and attach the users and buckets to it)
  https://docs.ansible.com/ansible/devel/collections/netapp/ontap/na_ontap_s3_services_module.html#ansible-collections-netapp-ontap-na-ontap-s3-services-module

I'm working on getting group in the next release (for july) and a role that will put all these steps together so you don't need have have 4 different plays.

from netapp.ontap.

Sorry for coming back late to this issue, I will try to test this as soon as possible.
Looks very promising :)

Thanks a lot!

from netapp.ontap.

So, I have been able to test the modules and they work as expected 👍

Just one thing: if I create a s3-user via the module, I have to login to the netapp, get advanced privileges and show the user on the cli to get the secret key. Is that correct or is there another way to get to the secret key?

I guess it would be convenient to have the secret key as a return value to be able to write it a vault or something.

from netapp.ontap.

@Furragen I'll add a new story to return that.
I'll return the secret key (does the access key is also needed)?

from netapp.ontap.

Yes, the access key would also be needed, thanks.

from netapp.ontap.

Hi @carchi8py ,
where are you on this?

from netapp.ontap.

As part of the 21.21.0 release, we should have everything in place (last month release)

• na_ontap_s3_groups and policies were added
• na_ontap_s3_users returns the secret_key and access_token on user creation
  and a few bug we found in buckets was fixed
  https://github.com/ansible-collections/netapp.ontap#21210

The only story I have left open was to make a role for S3 for all the s3 tasks to be grouped together.

from netapp.ontap.

Has the group-module some sort of different requirements?
All other modules work fine, but no matter how simple my approach to the group-module is, I always end up getting this error:

ansible_collections/netapp/ontap/plugins/modules/na_ontap_s3_groups.py\", line 151, in get_s3_groups\nTypeError: 'NoneType' object is not iterable\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1

This is of course not the complete output, but before that its just paths to the files of Ansible and warnings regarding ssl.
To me this looks like Ansible is trying to get the s3-groups in the vserver but is unhappy with what it is getting returned.

Any ideas?
Is Python 3.8 maybe too old for this?

from netapp.ontap.

Sorry, that one was on me. Needed to look at my code again.
From my point of view this is now done.

Thanks again for your work! :)

from netapp.ontap.